Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
•added 2022/09/21 9:42 p.m.•45 views

@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation

Impact By sending specially crafted headers an attacker can bypass the source image domain allowlist, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be...

6.1CVSS5.5AI score0.00358EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/20 12:0 a.m.•45 views

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

7.1CVSS6.9AI score0.0037EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/30 8:18 p.m.•45 views

Directus vulnerable to unhandled exception on illegal filename_disk value

The Directus process can be aborted by having an authorized user update the filenamedisk value to a folder and accessing that file through the /assets endpoint. The vulnerability is patched and released in v9.15.0. You can prevent this problem by making sure no untrusted non-admin users have...

6.5CVSS6.3AI score0.00837EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/22 12:0 a.m.•45 views

Remote code execution in Apache Flume

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

9.8CVSS9.2AI score0.0231EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/06 5:48 a.m.•45 views

DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import

Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...

7.2CVSS6.7AI score0.01118EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/28 12:0 a.m.•45 views

Lack of authentication mechanism in Jenkins Git Plugin webhook

Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...

7.5CVSS7.5AI score0.05563EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/15 9:56 p.m.•45 views

Workers for local Dask clusters mistakenly listened on public interfaces

Versions of distributed earlier than 2021.10.0 had a potential security vulnerability relating to single-machine Dask clusters. Clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask...

9.8CVSS2.8AI score0.02876EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/02 12:0 a.m.•45 views

Unrestricted Upload of File with Dangerous Type in MCMS

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability...

9.8CVSS9.2AI score0.01471EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/24 12:0 a.m.•45 views

Cross-site Scripting in Jenkins Agent Server Parameter Plugin

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...

5.4CVSS5.7AI score0.00606EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/21 10:51 p.m.•45 views

DoS through large manifest files in Argo CD

Impact All versions of Argo CD starting with v0.7.0 are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...

6.5CVSS6.7AI score0.0083EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
•added 2022/06/17 1:2 a.m.•45 views

ProxyAgent vulnerable to MITM

Description Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually...

6.5CVSS6.2AI score0.00382EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/09 11:47 p.m.•45 views

Fix failure to strip Authorization header on HTTP downgrade

Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...

7.5CVSS7.3AI score0.0182EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/30 12:0 a.m.•45 views

Stored Cross-site Scripting in gitea

Cross-site Scripting XSS - Stored in GitHub repository go-gitea/gitea prior to 1.16.9 via unfiltered pdfs...

5.4CVSS1.9AI score0.00751EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 7:12 p.m.•45 views

Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

7.4CVSS7.8AI score0.50445EPSS
Exploits0References32Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 5:8 p.m.•45 views

Token stored in plain text by DigitalOcean Plugin

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system...

4.3CVSS4.9AI score0.00691EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/19 12:0 a.m.•45 views

Cross-site Scripting in moodle

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk...

5.4CVSS6.8AI score0.00828EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 1:46 a.m.•45 views

OpenStack Horizon Session Fixation

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

6.8CVSS7.2AI score0.0211EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 1:33 a.m.•45 views

Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget

Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

4.3CVSS5.2AI score0.0288EPSS
Exploits2References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 2:47 a.m.•45 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...

7.8CVSS5.9AI score0.46187EPSS
Exploits6References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:57 a.m.•45 views

Arbitrary code execution in Apache Struts 2

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

9.3CVSS7.7AI score0.70211EPSS
Exploits1References19Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/14 1:10 a.m.•45 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or .tld XML document containing an external entity declaration ...

4.3CVSS3.6AI score0.09487EPSS
Exploits1References29Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:0 a.m.•45 views

Apache Camel camel-hessian component vulnerable to Java object deserialization

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws...

9.8CVSS2.7AI score0.07133EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 12:54 a.m.•45 views

ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

7.5CVSS8.8AI score0.78451EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:33 a.m.•45 views

Uncontrolled Resource Consumption in Undertow

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

6.5CVSS1.6AI score0.02329EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:20 a.m.•45 views

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542,...

7.6CVSS7AI score0.14159EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:12 a.m.•45 views

Insufficient Verification of Data Authenticity in Async Http Client

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...

4.3CVSS1.9AI score0.00993EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:9 a.m.•45 views

Improper Neutralization of CRLF Sequences in urllib3 library for Python

In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS8.4AI score0.02056EPSS
Exploits1References18Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:1 a.m.•45 views

Path Traversal in Jenkins

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection...

8.1CVSS3.7AI score0.02612EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/02 12:6 a.m.•45 views

Joomla! Open Redirect vulnerability

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL...

5.8CVSS7AI score0.0137EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/28 9:16 p.m.•45 views

Arbitrary filesystem write access from velocity.

Impact The velocity scripts is not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Now writing an attacking script in velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which...

7.5CVSS0.5AI score0.01476EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/13 12:0 a.m.•45 views

SQL Injection in Django

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

9.8CVSS9.5AI score0.02919EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/08 12:0 a.m.•45 views

Unsafe parsing in SWHKD

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service memory exhaustion upon an attempt to parse a large or infinite file such as a block or character device...

5.3CVSS4.2AI score0.00822EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/07 3:18 p.m.•45 views

SQL Injection when creating an application with Reactive SQL backend

Impact SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected. If you have generat...

8.1CVSS1.4AI score0.01356EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/05 5:47 p.m.•45 views

Sensitive Auth & Cookie data stored in Jupyter server logs

Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Upgrade ...

7.5CVSS1.3AI score0.01054EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/31 10:44 p.m.•45 views

URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect

Impact Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under example.com are protected with the requiresAuth middleware, a visit to...

7.5CVSS1.2AI score0.0071EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/19 12:1 a.m.•45 views

golang.org/x/crypto/ssh Denial of service via crafted Signer

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

7.5CVSS8.7AI score0.03931EPSS
Exploits0References20Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/18 12:1 a.m.•45 views

Path traversal in github.com/valyala/fasthttp

The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

7.5CVSS5.6AI score0.02457EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/15 7:2 p.m.•45 views

Improper Authorization in org.cometd.oort

Impact Internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other user's possibly sensitive data. By publishi...

8.1CVSS1.2AI score0.01101EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/22 12:0 a.m.•45 views

url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.

Leading control characters in a URL are not stripped when passed into url-parse. This can cause input URLs to be mistakenly be interpreted as a relative URL without a hostname and protocol, while the WHATWG URL parser will trim control characters and treat it as an absolute URL. If url-parse is...

9.8CVSS8.1AI score0.0222EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/15 1:57 a.m.•45 views

Denial of service in Grafana

The snapshot feature in Grafana before 7.4.2 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Specific Go Packages Affected github.com/grafana/grafana/pkg/middleware...

7.5CVSS7.5AI score0.83042EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 8:51 p.m.•45 views

Cross-site scripting in Apache Atlas

Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability...

6.1CVSS2.5AI score0.02587EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 8:25 p.m.•45 views

Authentication bypass in Apache Kylin

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any...

5.3CVSS2.5AI score0.78331EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 11:8 p.m.•45 views

Path Traversal in Crafter CMS Crafter Studio

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system...

7.5CVSS7.4AI score0.01996EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 10:44 p.m.•45 views

Remote code execution in Apache TomEE

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...

9.8CVSS2.1AI score0.03654EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 10:41 p.m.•45 views

Signatures are mistakenly recognized to be valid in jsrsasign

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...

9.1CVSS4.9AI score0.0096EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/07 7:6 p.m.•45 views

Path traversal and dereference of symlinks in Argo CD

Impact All versions of Argo CD are vulnerable to a path traversal bug that allows to pass arbitrary values files to be consumed by Helm charts. Additionally, it is possible to craft special Helm chart packages containing value files that are actually symbolic links, pointing to arbitrary files...

7.7CVSS7.8AI score0.02693EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2022/02/01 4:22 p.m.•45 views

Path Traversal in SharpZipLib

SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...

9.8CVSS4.1AI score0.01959EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/01/28 11:6 p.m.•45 views

Cross-site Scripting in livehelperchat

Stored XSS attacks exist in new the form creation flow. New forms can be given a title which will render javascript...

6.5CVSS1.6AI score0.00687EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/01/28 10:25 p.m.•45 views

Path traversal in Apache Karaf

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

5.3CVSS3.1AI score0.0283EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/01/21 11:52 p.m.•45 views

Cross-site Scripting in Apache Knox SSO

When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...

6.1CVSS1.1AI score0.02579EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000